On Mon, Jul 29, 2019 at 08:37:39PM +0200, Georg Sauthoff wrote:
>> Having psql try to clear it out
>> seems rather pointless to me, as (a) that does nothing for instances
>> of the value that appear in the environments of ancestor processes,
>
> I don't know why you bring that up. It would only be pointless if the
> password would appear in the original environment vector of ancestor
> processes. It would also be pointless if an ancestor process would write
> it to disk. But why would you want to do that?
The point of Tom is that If PGPASSWORD is set at user level, say a
.bashrc, then you have the problem for all commands run by this user,
and not only psql, so it is a bit pointless to do that only from the
point of view of psql, because it does not address the root of the
issue.
--
Michael